Friday, September 05, 2008
Thursday, September 04, 2008
"A major effort to upgrade intelligence computers that hold the government's master list of terrorist identities is embroiled in controversy about the project's management and the work of contractors hired for the job, documents and interviews show.
The Terrorist Identities Datamart Environment, or TIDE, serves as the central repository of information about more than 400,000 suspected terrorists around the world. Operating at the National Counterterrorism Center, TIDE and other systems each day deliver files of information to watch-list programs that screen people traveling into the United States, or they make data available online to intelligence analysts across the government...
Dozens of documents obtained by The Washington Post show that Boeing and SRI International, one of the primary contractors, and dozens of other subcontractors have sometimes struggled to fulfill a mission that from the outset was not clearly defined.
Officials at Boeing and SRI declined to answer questions...
A recent review by SRI and subcontractors, done at the behest of government officials, turned up more than 500 instances where the system did not function as planned or as analysts expected."
"The Internet offers the potential for economic growth stemming from online human communications. But recent industry and government actions have disfavored these possibilities by treating the Internet like a content-delivery supply chain. This Article recommends that the Internet be at the center of communications policy. It criticizes the nearly exclusive focus of communications policy on the private economic success of infrastructure and application providers, and suggests that communications policy be focused on facilitating communications themselves."
"The key organizing principle for communications law must be to support the emergence of diverse new ideas online as this is where economic growth for society as a whole will come from. This form of diversity support is not the same as the kind of quota-driven, artificial diversity that has been used to force broadcast content regulation to reflect minority viewpoints. Rather, this kind of online diversity stems from allowing the end-to-end, content-neutral, layer-independent functions of the Internet to flourish, and allowing groups and human attention to pick and choose from among the ideas presented online, enabling good ideas to persist and replicate...
We need to reframe communications law to support what matters. What matters are communications themselves, and the increasingly diverse and valuable ideas they produce."
Professor Crawford has long been an advocate of net neutrality and welcomed the recent FCC decision limiting Comcast's throttling of peer to peer network flows. As a Comcast customer with no TV she has a personal stake in the operations of that particular communications provider.
Wednesday, September 03, 2008
"The decision not to release any information about the ContactPoint security review was taken by an independent panel. I personally chaired this panel to ensure its independence from any outside interests. I was of course not directly involved in the original requests, which were handled by a junior staff member.
The security of ContactPoint relies on nobody knowing how it works. If nobody knows what the security measures are, how can they possibly circumvent them? This is simply common sense. Details of the security measures will be shared only with the 330,000 accredited and vetted public servants who will have direct access to the database of children...
ContactPoint is both a safe and secure system and I should remind everyone that it is fundamental to its success that it is perceived as such by parents, the professionals that use it and others with an interest in ContactPoint and its contribution to delivering the Every Child Matters agenda. Maintaining this perception of absolute “gold standard” security is why it is so important that nobody should question the security arrangements put in by our contractor Cap Gemini (whom I shall be meeting again in Andorra over the weekend)."
Tuesday, September 02, 2008
"The public-spirited professors are getting into the act by writing their own open-licensed textbooks. One of the most famous instances of this is CalTech professor R. Preston McAfee’s economics textbook, Introduction to Economic Analysis, which has been adopted at NYU and Harvard. McAfee declined to accept a $100,000 advance from a commercial publisher in order to make his textbook freely available online under a Creative Commons Attribution-NonCommercial-ShareAlike license. (This means that people are free to use and modify the book without payment or permission so long as they attribute authorship to McAfee, do not sell the textbook, and share any derivative works under the same license terms.)"
"Anyway, even if there are risks, they must be balanced against the clear benefits. The UK Border Agency has announced that the first ID cards will be issued to Johnny Foreigner as of 25th of November 2008, and they will according to this website provide some stunning benefits:
The Government's national identity scheme gives people for the first time the ability to prove who they are in a secure and convenient way, protecting themselves and their families against identity fraud, crime, illegal immigration, illegal working and terrorism.
Well, I'm sorry but I don't think that's terribly fair. I pay my taxes, and I'm a British Citizen, so why is it that these foreigners are getting their families protected from identity fraud, crime, illegal immigration, illegal working and terrorism before I am? AND it's all being done in a secure and convenient way. I mean, my personal bank can't even let me check the balance in a secure and convenient way, so I want a piece of this stuff!
Sorry, I'm overdoing it again. I've been watching too many Top Gear reruns on Dave and I'm channelling Jeremy Clarkson."
"A few weeks back, I got an invitation from Matt Small to get a tour of Blackboard NG. Given all the rumors and speculation around it, I was obviously interested. I particularly wanted to know how much of it exists in code today and how much is vapor. So I took Matt up on his offer, and got a tour from him and John Fontaine. And while I didn’t quite get a full answer to the vaporware question, I did learn a lot of other interesting stuff about the platform and Blackboard’s strategy...
The NG strategy has both defensive and offensive components to it. On the defensive side, it is intended to fix what even Blackboard acknowledges is a clunky user experience in their current-generation product. As anyone who has taught with Blackboard knows, it takes about 57 clicks to do just about anything. One of the first things that John and Matt highlighted in NG is that the page authoring system should be a big improvement over the current design. On their way to doing this, Blackboard is also adding a more modern iGoogle-like drag-and-drop environment and beefing up their accessibility...
Blackboard is using its size and financial characteristics as a weapon against both smaller proprietary competitors and open source alternatives. This came up repeatedly in different ways throughout the conversation...
Michael Chasen has repeatedly characterised Sakai and Moodle (the latter of which he consistently avoids mentioning by name) as departmental choices. This message is reinforced by Blackboard’s pitch about being an “enterprise software company.” Put all of this together, and the message to universities is, “You don’t want to trust your mission-critical system to some flakey open source group. Buy your enterprise software from us. If you need to placate some users on your campus, let them run Sakai or Moodle at the departmental level and have them manage their courses through Blackboard. Over time, you’ll be able to wean them off of those toys and get them onto a big boy LMS.” Neither John nor Matt said it directly, but my sense is that this strategy applies specifically and only to open source. They seem to believe that they have Desire2Learn and ANGEL well in hand and don’t need this containment strategy for them."
"Any voting system must be designed to resist a variety of failures, ranging from inadvertent misconfiguration to intentional tampering. The problem with conducting analyses of these issues, particularly across widely divergent technologies, is that it’s very difficult to make apples-to-apples comparisons. This paper considers the use of a standard technique used in the analysis of algorithms, namely complexity analysis with its “big-O” notation, which can provide a high-level abstraction that allows for direct comparisons across voting systems. We avoid the need for making unreliable estimates of the probability a system might be hacked or of the cost of bribing key players in the election process to assist in an attack. Instead, we will consider attacks from the perspective of how they scale with the size of an election. We distinguish attacks by whether they require effort proportional to the number of voters, effort proportional to the number of poll workers, or a constant amount of effort in order to influence every vote in a county. Attacks requiring proportionately less effort are correspondingly more powerful and thus require more attention to countermeasures and mitigation strategies. We perform this analysis on a variety of voting systems in their full procedural context, including optical scanned paper ballots, electronic voting systems, both with and without paper trails, internet-based voting schemes, and future cryptographic techniques."
Electronic Frontier Finland's (Effi's) 'shadow report' on the Finnish e-voting pilot has been translated into English and is available now on Electronic Frontier Finland web pages.
The original Finnish version was published on the 19th of June, 2008. The English version has been updated to include commentary on the University of Turku audit report.
Finland is piloting a direct recording electronic (DRE) type, polling station based (non-remote) e-voting system in its municipal elections in October 2008. In the proposed system, we argue that ensuring the correctness of the results is extremely difficult. The voting results may be affected by multiple components of the e-voting system, and observing the counting process of ballots is impossible in the traditional sense. The results may be affected by a small group of people, either involuntarily through programming errors, or with malicious intent. The inspections and audits of the system presently only apply to parts of the system, and even in these cases, citizens must trust specialists as major parts of the system software are considered to be trade secrets.
In addition, the audit of the system found that it may be possible to find out how an individual has voted, if an attacker would get access to the electronic ballot box and certain encryption keys, both of which are planned to be archived for several years.
Electronic Frontier Finland's shadow report compares the Finnish e-voting system with the Council of Europe recommendations for e-voting, and argues that the fully electronic voting system, which will be used in the Finnish e-voting pilot, does not meet these recommendations.
Thanks to Louise Ferguson via ORG for the link.
Sunday, August 31, 2008
"In the first post in this series, I argued that the most important decisions affecting the future of freedom of speech in the digital age may not occur in judge-made constitutional law; many of them will be decisions about technological design, legislative and administrative regulations, the formation of new business models, and the collective activities of end-users. In the twenty-first century, the values of freedom of expression will become subsumed in an even larger set of concerns that I call knowledge and information policy...
To be sure, advocates of network neutrality have often made their case before the public by focusing specifically about the dangers of content censorship. That may be easier for people steeped in our first amendment traditions to understand. Yet the larger question in the debate over network neutrality is innovation policy; that question has enormous implications for media access and for future opportunities to speak, listen, share information, and associate with others."
"We are, of course, well aware that several conclusions of the IViR studies do not agree with the policy choices underlying the Commission's proposals. And we are certainly not so naïve as to expect that the recommendations of an academic institution such as ours, however well researched and conceived they may be, will find their way into the Commission's policies in undiluted form. What we would expect however is that our work, which was expressly commissioned by the policy unit in charge of these proposals, be given the appropriate consideration by the Commission and be duly referenced in its policy documents, in particular wherever the Commission's policy choices depart from our studies' main recommendations.
As you are certainly aware, one of the aims of the 'Better Regulation' policy that is part of the Lisbon agenda is to increase the transparency of the EU legislative process. By wilfully ignoring scientific analysis and evidence that was made available to the Commission upon its own initiative, the Commission's recent Intellectual Property package does not live up to this ambition. Indeed, the Commission's obscuration of the IViR studies and its failure to confront the critical arguments made therein seem to reveal an intention to mislead the Council and the Parliament, as well as the citizens of the European Union.
In doing so the Commission reinforces the suspicion, already widely held by the public at large, that its policies are less the product of a rational decision-making process than of lobbying by stakeholders. This is troublesome not only in the light of the current crisis of faith as regards the European lawmaking institutions, but also - and particularly so - in view of European citizens' increasingly critical attitudes towards intellectual property law."
Again this is very direct, hard-hitting language from an academic indicating the extent to which policymaking is disconnected from empirical evidence when it comes to intellectual property. I should really have included a note of Prof. Hugenholtz's letter in my comments to the UK IPO on copyright term extension.